A mobile communication system comprising a multiplicity of mobile devices, and a server communicating with the mobile devices via a communication network, and a central database which is in data communication with the server and which is operative for storing sensitive data encrypted using at least one key, at least a portion of which is provided, only on certain occasions, by an individual one of the mobile devices and is not retained between the occasions by the central database.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A mobile communication system comprising: a multiplicity of mobile devices; and a server communicating with the mobile devices via a communication network; and a central database which is in data communication with the server and which is operative for storing sensitive data encrypted using at least one device key, at least a portion of which is provided, only on certain occasions, by an individual one of the mobile devices and is not retained between said occasions by the central database, wherein each device encrypts both the device key and sensitive computer data associated with the device and sends them to the server, the server decrypts the received information thereby to yield the sensitive computer data associated with the device and the device key, the server encrypts the sensitive computer data associated with the device with the device key, and the server stores the encrypted data in the database and discards the device key.
2. A system according to claim 1 wherein the sensitive data is double-encrypted, wherein a second layer of encryption is provided by use of at least one private key known only to the server.
3. A system according to claim 2 wherein said at least one private key known only to the server comprises a single key used for all device records.
4. A system according to claim 1 wherein the sensitive data comprises a multiplicity of device-specific data records each respectively including an ID identifying a respective one of the multiplicity of mobile devices.
5. A system according to claim 4 wherein each individual record from among the multiplicity of device-specific data records is protected with a key at least a portion of which is provided, on occasion, by an individual one of the mobile devices identified by the ID included in the individual record.
6. A system according to claim 5 wherein each key, provided by an individual one of the multiplicity of mobile devices, thereby to define a multiplicity of device-specific keys, undergoes encryption before it is provided to the server, and undergoes decryption thereafter, using a network key specific to said individual one of the multiplicity of mobile devices, whose network key is created by the server and stored in the database, thereby to define a multiplicity of network keys.
7. A system according to claim 1 wherein at least a portion of said key is stored aboard the individual one of the mobile devices.
8. A system according to claim 7 wherein at least a portion of said key is stored on the mobile device's key store and is managed by the device's OS (operating system).
9. A system according to claim 1 wherein at least a portion of at least one key is never stored in any permanent storage medium in the central database.
10. A system according to claim 1 wherein at least a portion of at least one key is erased from memory of the server, soon after being used by the server subsequent to having been provided, by said individual one of the mobile devices, to the server.
11. A system according to claim 1 wherein at least a portion of said key is stored on the server in the clear, only while a single specific key-based operation is performed after which at least a portion of the key is cleared from memory by the server.
12. A system according to claim 11 wherein said single specific key-based operation comprises registration of credit card particulars.
13. A system according to claim 11 wherein said single specific key-based operation comprises effecting payment to a single vendor for a single device-vendor transaction.
14. A system according to claim 1 wherein at least a portion of said key undergoes encryption before it is provided to the server by an individual one of the mobile devices, and undergoes decryption thereafter, using a per-device network key which is created by the server and stored in the database and in the device.
15. A system according to claim 1 wherein the key is created by the device.
16. A computerized method for retaining sensitive computer data regarding each of a multiplicity of mobile devices communicating with a computer server via a communication network, the method comprising: storing sensitive computer data encrypted using at least one cryptographic key (“device key”), in a central computer database which is in data communication with the server; and accepting at least a portion of the key, only on certain occasions, from an individual one of the mobile devices rather than retaining said portion in the central database between said occasions, wherein said storing comprises: at each device, encrypting both sensitive personal data associated with the device, and the device key using the first network key set, thereby to generate encrypted information, and sending said encrypted information to the server together with the device's ID; at server, decrypting said encrypted information thereby to yield sensitive personal data and device key; at server, double-encrypting the sensitive personal data with the device key and with a server key comprising a private key that is known to the server, thereby to yield double-encrypted data; and storing the double-encrypted data in the database, under the device's ID, and discarding the device key.
17. A method according to claim 16 and also comprising using a first Network key set to encrypt the communication between server and each device.
18. A method according to claim 17 wherein said first network key set includes one key per device and each key in the first network key set is generated on the server and sent to the key's corresponding mobile device when an individual mobile device first interacts with the server.
19. A method according to claim 17 wherein said first network key set includes a public/private key pair and wherein the public key is sent to at least one device using a computerized public distribution protocol.
20. A method according to claim 19 wherein said sensitive data comprises credit card data.
21. A method according to claim 16 and also comprising using a second network key set to encrypt communication between the server and a clearing house.
22. A method according to claim 21 and also comprising: at server, accepting from a device, a payment call including its own (device's) ID, plus device key encrypted using first network key set; at server, decrypting the device key, using the first network key set; at server, pulling double encrypted data corresponding to said ID included in the payment call, from the database and decrypting the double encrypted data using the device key and server key and discarding the device key.
23. A method according to claim 21 wherein the second network key set includes one key per clearing house and each key in the second network key set is generated for the server and sent by the key's corresponding clearing house.
24. A method according to claim 23 wherein each key in the second network key set is sent by the key's corresponding clearing house when the clearing house first interacts with the server.
25. A method according to claim 23 wherein said second network key set includes a public/private key pair and wherein the public key is sent to the server by at least one clearing house using a computerized public distribution protocol.
26. A method according to claim 1 wherein the server verifies validity of the sensitive data with a data clearing house before storing the sensitive data and discarding the device key.
27. A method according to claim 1 wherein said sensitive data comprises credit card data.
28. A method according to claim 22 and also comprising sending the data as decrypted from the server to a clearing house, encrypted only with a second network key set.
29. A method according to claim 16 wherein said sensitive computer data is encrypted using only one encryption performed with a single key formed by combining the device key and a server key known only to the server, such that successful encryption depends both on knowledge private to the device and on knowledge private to the server.
30. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a method for retaining sensitive computer data regarding each of a multiplicity of mobile devices communicating with a computer server via a communication network, the method comprising: storing sensitive computer data encrypted using at least one cryptographic key (“device key”), in a central computer database which is in data communication with the server; and accepting at least a portion of the key, only on certain occasions, from an individual one of the mobile devices rather than retaining said portion in the central database between said occasions, wherein each device encrypts both the device key and sensitive computer data associated with the device and sends them to the server, the server decrypts the received information thereby to yield the sensitive computer data associated with the device and the device key, the server encrypts the sensitive computer data associated with the device with the device key, and the server stores the encrypted data in the database and discards the device key.
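An added Python illustration of the registration flow of claim 16 and the payment flow of claim 22, using the single combined record key of claim 29; this is not the patent's own code or any real implementation. The stdlib HMAC-based cipher, the Server class and the function names are this example's own assumptions, standing in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated encryption from stdlib HMAC-SHA256 (PRF keystream, encrypt-then-MAC).
# Production code would use a real AEAD such as AES-GCM; the point here is the key handling.
def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def combined_key(device_key, server_key):
    # Claim 29: one record key derived from both the device's and the server's secret.
    return hashlib.sha256(b"record-key" + device_key + server_key).digest()

class Server:
    def __init__(self):
        self.server_key = secrets.token_bytes(32)  # private key known only to the server
        self.network_keys = {}  # device ID -> per-device network key (claims 6, 14, 18)
        self.db = {}            # device ID -> encrypted record; never holds a device key

    def enroll(self, device_id):
        self.network_keys[device_id] = secrets.token_bytes(32)  # created on first contact
        return self.network_keys[device_id]

    def register(self, device_id, blob):
        # Claim 16: recover device_key || data, re-encrypt under a key needing both secrets,
        # store under the device ID, then discard the device key.
        plain = open_(self.network_keys[device_id], blob)
        device_key, sensitive = plain[:32], plain[32:]
        self.db[device_id] = seal(combined_key(device_key, self.server_key), sensitive)
        del device_key, plain

    def payment(self, device_id, blob):
        device_key = open_(self.network_keys[device_id], blob)  # claim 22: re-supplied
        data = open_(combined_key(device_key, self.server_key), self.db[device_id])
        del device_key  # held only for this single operation
        return data

def device_register(server, device_id, network_key, device_key, sensitive):
    server.register(device_id, seal(network_key, device_key + sensitive))  # key stays on device
def device_pay(server, device_id, network_key, device_key):
    return server.payment(device_id, seal(network_key, device_key))
```

The stored record contains neither the device key nor the plaintext, and a payment call with a wrong device key fails authentication instead of returning garbage.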
May 29, 2012
December 30, 2014